Welcome to SecureDrop’s documentation!

SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources.

This documentation is intended for sources, journalists, and administrators. If you would like to contribute to SecureDrop, please see our developer documentation.

User Guides

• Source Guide
  • What is SecureDrop?
  • Suggested Devices for Using SecureDrop
  • Choose the Right Location
  • Use Tor Browser
  • Choose Who to Submit To
  • Making Your First Submission
  • Continuing the Conversation
• Journalist Guide
  • Connecting to the Tor network in Tails
  • Updating Your Workstation
  • Connecting to the Journalist Interface
  • Daily Journalist Alerts About Submissions
  • Interacting With Sources
  • Moving Documents to the Secure Viewing Station
  • Working with Documents
  • Moving Documents to Your Everyday Workstation
  • Decrypting and Preparing to Publish
  • Deleting submissions and source accounts
• Admin Guide
  • Responsibilities
  • The Admin Interface
  • Server SSH Access
  • The securedrop-admin Utility
  • Frequently Asked Questions
• Passphrase Best Practices
  • General Best Practices
  • For Sources
  • For Journalists/Admins

Install SecureDrop

• Overview
  • Technical Summary
  • Infrastructure
  • Operation
• Glossary
  • Admin Workstation
  • Application Server
  • Export Device
  • Journalist
  • Journalist Alert Public Key
  • Journalist Interface
  • Journalist Workstation
  • Landing Page
  • Monitor Server
  • Onion Service
  • OSSEC Alert Public Key
  • Secure Viewing Station
  • Source
  • Source Interface
  • Submission Key
  • Transfer Device
  • Two-Factor Authentication
• Passphrases
  • Admin
  • Journalist
  • How to Generate a Strong, Unique Passphrase
• Hardware
  • Hardware Overview
  • Advice for users on a tight budget
  • Required Hardware
  • Optional Hardware
  • Specific Hardware Recommendations
• Before You Begin
• Create USB Boot Drives
  • Overview
  • Tails Introduction
  • Ubuntu Introduction
• Set Up the Secure Viewing Station
  • Correct the System Time
• Set Up the Transfer Device and the Export Device
  • Choose media types and encryption
  • Decide how to manage encryption passphrases
  • Create USB Transfer Device
  • Create a USB Export Device
• Generate the Submission Key
  • Create the Key
  • Export the Submission Public Key
• Set up the Admin Workstation
  • Start Tails with Persistence Enabled
  • Download the SecureDrop repository
  • Create the Admin Passphrase Database
• Set Up the Network Firewall
  • Configuration: pfSense
  • Configuration: OPNSense
  • Configuration: Other Firewalls
• Setting Up a pfSense Network Firewall
  • Before You Begin
  • Initial Configuration
  • Disable DHCP on the LAN
  • SecureDrop Configuration
  • Tips for Setting Up pfSense Firewall Rules
  • Keeping pfSense up to Date
• Setting Up An OPNSense Network Firewall
  • Before You Begin
  • Initial Configuration
  • Disable DHCP on the Firewall
  • SecureDrop Configuration
  • Troubleshooting Tips
  • Keeping OPNSense up to Date
• Set Up the Servers
  • Pre-Install Steps
  • Install Ubuntu
  • Test Connectivity
  • Set Up SSH Keys
• Install SecureDrop
  • Install Prerequisites
  • Localization of the Source Interface and Journalist Interface
  • Configure the Installation
  • Install SecureDrop Servers
• Configure the Admin Workstation Post-Install and Create Backups
  • Auto-connect to the Authenticated Onion Services
  • Back Up the Workstations
• Create an Admin Account on the Journalist Interface
• Test the Installation
  • Test Connectivity
  • Sanity-Check the Installation
  • Test the Web Interfaces
• Onboard Journalists
  • Determine Access Protocol for the Secure Viewing Station
  • Create a Journalist Tails USB
  • Set Up Automatic Access to the Journalist Interface
  • Add an account on the Journalist Interface
  • Provision a personal Transfer Device and Export Device
  • Verify Journalist Setup
• Onboard Additional Admins

Deployment Best Practices

• Overview
• Landing Page
  • URL and Location
  • HTTPS Only (No Mixed Content)
  • Perfect Forward Secrecy
  • SSL Certificate Recommendations
  • Do Not Use Third-Party Analytics, Tracking, or Advertising
  • Do Not Hyperlink .onion Addresses
  • Avoid Direct Links to SecureDrop.org
  • Apply Security Headers
  • Additional Apache Configuration
  • Further Security Considerations
  • How to test your Landing Page using Tor Browser
  • Landing Page Content Suggestions
• Minimum requirements for the SecureDrop environment
• Whole Site Changes
  • Suggested
• Sample SecureDrop Privacy Policy
  • Collection of Information From Sources
  • Collection of Information About Journalists’ Use of SecureDrop
  • Data Security
  • Children Under 13
  • Changes to This Policy
  • Contact

Topic Guides

• Promoting Your SecureDrop Instance
  • Make a High Profile Announcement
  • Provide a Clear Link on Your Homepage
  • Provide Links at the Bottom of Your Articles
  • Create an Instructional Video on How to Access and Use Your SecureDrop
  • Regularly Share Your SecureDrop Landing Page on Social Media
  • Target Potential Whistleblowers with Advertising
  • Put an Advertisement in Your Physical Paper
• What Makes SecureDrop Unique
  • No Third Parties that Can Secretly be Subpoenaed
  • Limits the Metadata Trail as Much as Possible
  • Encrypted and Air-Gapped
  • Protects Against Hackers
  • Free and Open Source Software
• Investigating Logs
  • Logs to examine on both servers
  • Application Server Logs
  • Monitor Server Logs
• OSSEC Guide
  • Setting up OSSEC alerts
  • Troubleshooting
  • Analyzing the alerts
• Setting Up a Printer in Tails
  • Installing and Printing via the Tails GUI
  • Printing from the Command Line
• HTTPS on the Source Interface
  • Obtaining an HTTPS certificate for Onion URLs
  • Activating HTTPS in SecureDrop
• SSH Over Local Network
  • Configuring SSH for Local Access
• SecureDrop On-Site Training Schedule
  • Day 1: Install
  • Day 2: Admin and Digital Security Training
  • Day 3: Journalist Training and Onboarding
• Using a YubiKey with the Journalist Interface
  • What is a YubiKey?
  • Download and Launch the YubiKey Personalization Tool
  • Setting Up Hardware-Based Codes
  • Adding Users
  • Using Your YubiKey
• Backing Up and Restoring Servers
  • Minimizing Disk Use
  • Backing Up
  • Restoring from a Backup
  • Migrating Using a Backup
  • Additional Information
• Backing Up and Restoring Workstations
  • Backup the Workstations
  • Restoring a Workstation from a Backup
• Updating Tails USBs
  • Update via Graphical Installer
  • Update Manually
• Rebuilding an Admin Workstation USB
  • Step 1: Prepare the USB sticks
  • Step 2: (Optional) Boot the servers in single-user mode
  • Step 3: Set up Admin Workstation access
  • Step 4: Retrieve SecureDrop configuration info from the servers
  • Step 5: Configure and back up the Application Server
  • Step 6: Use the installer to complete the configuration
  • Step 7: Set up SSH-over Tor
  • Step 8: Post-rebuild tasks
• Troubleshooting Kernel Updates
  • Boot into Single User Mode
  • Test the New Kernel
  • Compare the Behavior of the Old Kernel
  • Roll Back to the Old Kernel
  • Report Compatibility Issues
  • Test and Enable an Updated Kernel
• Getting Support
  • Support Portal
  • Community Based Support
• BIOS Updates on the Servers
  • What you need
  • Perform Backups
  • Prepare the USB Stick
  • Download and Verify Appropriate BIOS Files
  • Update the BIOS
• Off-board Administrators and Journalists
  • Off-boarding checklist
  • Additional steps for off-boarding administrators
  • Rotate the Submission Key
  • Getting Support
• Decommission SecureDrop

Upgrade SecureDrop

• Upgrade from 2.4.1 to 2.4.2
  • Update Servers to SecureDrop 2.4.2
  • Update Workstations to SecureDrop 2.4.2
  • Troubleshooting Kernel Issues
  • Upgrade from Tails 4 to Tails 5
  • Getting Support
• Upgrade from 2.4.0 to 2.4.1
  • Update Servers to SecureDrop 2.4.1
  • Update Workstations to SecureDrop 2.4.1
  • Re-enabling codename filtering (if you previously disabled it)
  • Upgrade from Tails 4 to Tails 5
  • Getting Support
• Upgrade from 2.3.2 to 2.4.0
  • Update Servers to SecureDrop 2.4.0
  • Update Workstations to SecureDrop 2.4.0
  • Tor Browser security issue
  • Upgrade from Tails 4 to Tails 5
  • Language support changes
  • Back Up the Tails Workstations
  • Apply Any Available Firewall Updates
  • Getting Support
• Upgrade from 2.3.1 to 2.3.2
  • Update Servers to SecureDrop 2.3.2
  • Update Workstations to SecureDrop 2.3.2
  • Upgrade to Tails 5.0
  • Getting Support
• Upgrade from 2.3.0 to 2.3.1
  • Update Servers to SecureDrop 2.3.1
  • Update Workstations to SecureDrop 2.3.1
  • Update Tails
  • Getting Support
• Upgrade from 2.2.1 to 2.3.0
  • Update Servers to SecureDrop 2.3.0
  • Update Workstations to SecureDrop 2.3.0
  • Update Tails
  • Ensure You Are on Supported Hardware
  • Back Up the Tails Workstations
  • Apply Any Available Firewall Updates
  • Getting Support
• Upgrade from 2.2.0 to 2.2.1
  • Updating Servers to SecureDrop 2.2.1
  • Updating Workstations to SecureDrop 2.2.1
  • Updating Tails
  • Mac Mini and Intel 5th-gen NUC Deprecation
  • Troubleshooting Kernel Issues
  • Getting Support

Threat Model

• Threat Model
  • Actors
  • Assumptions
  • Assets
  • Implications of SecureDrop Area Compromise
• Data Flow Diagram
• Attacks and Countermeasures on the SecureDrop Environment
  • Application Code — SecureDrop Repository/Release
  • Application Code — Source Interface and Journalist Interface
  • Application Server and Monitor Server
  • SecureDrop Dependencies — Python, Tor, Linux Kernel, apt, Tails, Ubuntu, or Hardware Firewall Vulnerabilities
  • Network Infrastructure — FPF Infrastructure or Organization Corporate Network
  • User Behavior and Hardware — SecureDrop Hardware Tampering or Failure in Operational Security

Two versions of this documentation are available:

• latest - built from the develop branch of the SecureDrop repository, containing updates that have been tested but not yet released.

• stable - built from the stable branch of the SecureDrop repository, and up to date with the most recent release, 2.4.2.